Count Telemetry

Supported telemetry types: Metrics, Logs, Traces
BindPlane Agent: v1.27.0+

Description

The Count Telemetry Processor can count the number of logs, metric data points, or trace spans matching some filter, and create a metric with that value. Both the name and units of the created metric can be configured. Additionally, fields from matching logs can be preserved as metric attributes.

Use

Count Telemetry is especially useful as a way to convert your logs to metrics, allowing you to drop logs you don't need while still capturing signal from them.

A frequent use case is to count how many logs you're getting from your web server by HTTP status code. This lets you see if you're getting 500s, without paying to store logs for your 200s. See below for specific configuration examples.

Configuration

| Field | Description |
| --- | --- |
| Telemetry Types | The types of telemetry to apply the processor to. |
| Match Expression | OTTL expression to find matching logs. Uses the log context for logs, datapoint context for metrics, and span context for traces. |
| Metric Name | The name of the metric created. |
| Metric Units | The unit of the metric created. See Unified Code for Units of Measure for available units. |
| Metric Attributes | The mapped attributes of the metric created. Each key is an attribute name. Each value is an expression that extracts data from the log. |

Example Configurations

Count all telemetry

By default, enabling metrics, traces, or logs will count all of their respective telemetry types. Below is an example of what this looks like when we want to count all logs.

[Image: observIQ docs - Count Telemetry - image 1]

Count HTTP Requests by Status (logs)

In this configuration, we want to parse our HTTP server logs to count how many requests were completed, broken down by status code. Our logs are JSON with the following structure:

JSON
{
  "level": "warn",
  "host": "10.0.10.0",
  "datetime": "2022-12-07T13:21",
  "method": "POST",
  "request": "/api/create",
  "protocol": "HTTP/1.1",
  "status": 500
}

The match expression excludes all logs that have no status code in their body:

expr
body["status"] != nil

We'll name this metric http.request.count and map the status code to the status_code attribute on the created metric:

yaml
log_attributes:
  status_code: body["status"]

[Image: observIQ docs - Count Telemetry - image 2]
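To show what the configuration above yields, here is an added Python emulation of its counting semantics (not Bindplane's own code): it applies the match `body["status"] != nil`, maps `status_code` from the body, and emits one `http.request.count` data point per distinct status. The sample logs are constructed, and the unit `{requests}` and the handling of unparsed bodies are assumptions.

```python
import json
from collections import Counter

# Constructed sample log bodies, shaped like the JSON example on this page.
SAMPLE_LOGS = [
    '{"level": "warn", "host": "10.0.10.0", "method": "POST", "request": "/api/create", "status": 500}',
    '{"level": "info", "host": "10.0.10.0", "method": "GET", "request": "/api/list", "status": 200}',
    '{"level": "info", "host": "10.0.10.1", "method": "GET", "request": "/api/list", "status": 200}',
    '{"level": "warn", "host": "10.0.10.1", "method": "GET", "request": "/missing", "status": 404}',
    '{"level": "info", "message": "worker started"}',   # no status field
    '{"level": "info", "status": null}',                # status present but null
    'plain text line that is not JSON',                 # body never parsed
]

def matches(body):
    """Emulate body["status"] != nil: the field must exist and be non-null."""
    return isinstance(body, dict) and body.get("status") is not None

def count_telemetry(raw_logs, metric_name="http.request.count",
                    unit="{requests}", attribute_map=None):
    """Return one data point per distinct attribute set among matching logs."""
    # attribute name -> body field, mirroring status_code: body["status"]
    attribute_map = attribute_map or {"status_code": "status"}
    counts = Counter()
    for raw in raw_logs:
        try:
            body = json.loads(raw)
        except json.JSONDecodeError:
            continue  # assumption: an unparsed body exposes no "status" field
        if not matches(body):
            continue
        key = tuple(sorted((attr, body.get(field))
                           for attr, field in attribute_map.items()))
        counts[key] += 1
    return [{"name": metric_name, "unit": unit,
             "attributes": dict(key), "value": n}
            for key, n in sorted(counts.items(), key=lambda kv: str(kv[0]))]

if __name__ == "__main__":
    for point in count_telemetry(SAMPLE_LOGS):
        print(point)
```

Fields that are not mapped, such as host and request here, do not appear on the resulting data points.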